Corporate Sustainability Due Diligence Directive
The EU's landmark directive requiring large companies to identify, prevent, and mitigate adverse human rights and environmental impacts across their entire value chains -- significantly narrowed by the Omnibus I simplification package in March 2026.
The EU has passed a law that makes large companies legally responsible for human rights abuses and environmental damage in their supply chains. If a company sells clothes made in a factory with unsafe working conditions, or sources minerals from a mine that poisons local water, the company at the top of that chain can now face fines and legal consequences -- even if it did not cause the harm directly.
This law is called the Corporate Sustainability Due Diligence Directive, or CSDDD. It was adopted in 2024 but then significantly scaled back in early 2026 through the "Omnibus I" simplification package, which entered into force on 18 March 2026. The result: far fewer companies are now covered (roughly 4,000 instead of 13,000), the maximum penalty dropped from 5% to 3% of worldwide turnover, and the timeline was pushed back. Member states must write the directive into national law by July 2028, and companies must comply from July 2029. The obligation to publish an annual due diligence statement applies to financial years starting on or after 1 January 2030.
In practice, the directive requires companies to actively look for problems in their supply chains -- things like forced labour, child labour, deforestation, or toxic pollution -- and take concrete steps to stop or prevent them. They must set up a complaints channel, monitor whether their efforts are working, and report publicly on what they found and what they did about it. The original directive also required companies to adopt a climate transition plan, but Omnibus I removed that obligation entirely, aligning climate planning with the separate CSRD reporting framework.
Several countries already had their own versions of this law. France has required large companies to publish a "vigilance plan" since 2017. Germany introduced its own supply chain law (LkSG) in 2023, but the new coalition government has agreed to repeal it and replace it with a leaner national implementation of the CSDDD. Once transposed, the directive will replace these national laws with a single EU-wide standard -- though civil liability for non-compliance will be governed by each country's own legal system, not by a harmonised EU regime.
On 18 March 2026, the Omnibus I simplification package entered into force, fundamentally reshaping the CSDDD. The changes reduce scope by approximately 70%, extend the timeline, and shift civil liability to national law.
The CSDDD applies based on two cumulative thresholds: employee headcount and net worldwide turnover. Both conditions must be met simultaneously.
The CSDDD follows the OECD Due Diligence Guidance framework, requiring companies to implement a continuous cycle of six interconnected steps.
While the CSDDD applies across all sectors, the following industries carry heightened risk for adverse human rights and environmental impacts in their supply chains.
The CSDDD does not exist in isolation. It connects to a dense network of EU sustainability regulations, each adding sector-specific or topic-specific requirements.
Several EU member states adopted national supply chain due diligence laws before the CSDDD. Once transposed, the directive will supersede these national laws for companies in scope of both.
Supply chain due diligence has rapidly evolved from a voluntary best practice into a binding legal obligation across both the European Union and the United States. At the centre of the EU framework is the Corporate Sustainability Due Diligence Directive (CSDDD), adopted in 2024, which requires large companies to identify, prevent, mitigate, and account for adverse human rights and environmental impacts throughout their value chains. On the US side, the Uyghur Forced Labor Prevention Act and related measures prohibit imports of goods produced with forced labour, reflecting a parallel but enforcement-driven approach.
The CSDDD was significantly amended by the Omnibus I simplification package, adopted by the EU Council on 24 February 2026 and entering into force on 18 March 2026. The revised scope applies only to EU companies with more than 5,000 employees and net worldwide turnover exceeding 1.5 billion euros, as well as non-EU companies generating more than 1.5 billion euros in EU turnover -- a roughly 70% reduction in scope from the original directive. The transposition deadline has been extended to 26 July 2028, with companies required to comply from 26 July 2029.
Key obligations under the CSDDD include integrating due diligence into corporate policies, identifying actual and potential adverse impacts, taking appropriate measures to prevent or mitigate those impacts, establishing and maintaining a complaints mechanism, monitoring effectiveness, and publicly reporting on due diligence activities. The Omnibus I package removed the EU-harmonised civil liability regime, leaving liability to be governed primarily by national law, and reduced the maximum financial penalty from 5% to 3% of net worldwide turnover. The climate transition plan obligation was also removed, aligning with changes made to the CSRD.
In the United States, the emphasis has been on trade enforcement. The Uyghur Forced Labor Prevention Act creates a rebuttable presumption that goods from China's Xinjiang region are produced with forced labour and thus banned from import. US Customs and Border Protection enforces this through Withhold Release Orders and entity lists. Companies importing into the US must map their supply chains and demonstrate that goods are free from forced labour to avoid seizure at the border.
These supply chain frameworks interact extensively with other regulations. The EUDR adds deforestation-specific due diligence for commodities, while the EU Battery Regulation requires supply chain due diligence for battery raw materials. CSRD reporting obligations overlap with CSDDD due diligence disclosures, and the EU Whistleblower Protection Directive supports the complaints mechanisms that CSDDD requires. For businesses, the convergence of these requirements demands integrated compliance strategies that address human rights, environmental, and trade obligations across global supply chains.
Select your company type for tailored compliance guidance.